Digital identity in the UK: a new start or another false dawn?

The Digital Identity Strategy Board has announced its next steps towards introducing a UK national digital identity scheme, with new guiding principles and plans to update existing laws. It’s reassuring that the failure of GOV.UK Verify hasn’t put a stop to all digital identity ambitions. The question is: will the government learn from past mistakes?

The proposal says that given the current demands for social distancing, it makes sense to reduce human contact as much as possible—something that digital identity makes far easier. The pandemic has increased online applications for support and these have proved difficult. The board revealed that 2.6 million people made a claim for the Self-Employment Income Support Scheme and that 1.4 million had no prior digital identity credentials and found it necessary to use HMRC’s identity verification service.

The strategy is based on six principles of privacy, transparency, inclusivity, interoperability, proportionality and good governance. These are strong foundations but need to be more than just theory. In practice, these principles will rely on how the public sector works with partners in the private sector. Privacy is especially a sensitive area at the moment, when personal data is accessed the public will need to have confidence in a partner that will keep data secure. In the latest Battle to Onboard Report: The impact of COVID-19 and beyond findings showed that banks were the most trusted entity (73%) followed by governments (65%).

GOV.UK Verify, the UK’s ill-fated attempt at digital identity, launched in private beta in 2014, with the service finally going live to the public in May 2016—several years later than originally planned. The service was considered by most to be a disaster with difficulty signing up and numerous errors and problems. For a service that was designed to ease the onboarding processes, it seemed to do just the opposite. As an example, the largest projected application for GOV.UK Verify was Universal Credit, the Department for Work and Pension benefit programme. Only 38% of applicants were able to successfully use the program when claiming benefits, against a target of 90%. The service fell well short of target and it is now almost abandoned and essentially up for sale.

The failure of GOV.UK Verify is an important lesson that digital identity infrastructure is dependent on partnership with, and use by, private companies to be successful in encouraging wider societal adoption. Governments that go it alone, invariably fail.

The UK government is not alone in this, there have been a number of digital identity failures over the years.

What the UK should do is study the success stories and copy them. There are several Nordic schemes that can offer a blueprint for success:

• BankID in Norway: 4 million users, 74% of the population
• BankID in Sweden: 8 million users, 78% of the population
• NemID in Denmark: 4.7 million users, 85% of the population
• FTN in Finland: 4.7 million users, 87% of the population   

The most successful digital identity schemes rely on private partnerships, often with banks. BankID in Norway has become so successful that its users are able to verify their identity for everything from submitting tax returns and filing for a mortgage to proving you are old enough to use a sun bed. Banks decided to compete on financial services, not identity, which enabled a unified and wider societal adoption of BankID, further facilitated by the Norwegian State Education Loan Fund.

The reason banks make such good partners is because banks already check the identity of their customers. Strict Anti-Money Laundering (AML) and Know Your Customer (KYC) policies demand that they have this information. In addition, they are trusted institutions, keeping out money safe and highly regulated. Banks could be the key to a new business model around digital identity, and according to Signicat’s “Battle to Onboard 2020: the impact of Covid and beyond” market research surveying over 40000 consumers across Europe demonstrate that banks are remain highly trusted entities surpassing government.

While the Nordics offer a good starting point for building a digital identity strategy its important to take note the UK is very different country socially and politically. Looking at the main barriers to entry on why digital ID has never taken hold comes from a few different factors: 

• Lower trust (in general)
• More competitive business environment- which is a challenge, since eID requires cooperation)
• Larger population to manage - UK 54M compared to Nordics 26M
• Lack of National Identification Number, which makes it easier to recognize the same individual “everywhere”

However, this is only a set of principles and not a concrete plan. Until we know more about how and who the government is partnering with, if anyone, we won’t know if the strategy is sound—or is another false start for digital identity in the UK.